Spies are after UK’s Covid secrets, cyber security chief warns

‘Malicious actors’ trying to access vaccine procurement plans and data on variants

Lizzie Dearden
Security Correspondent
Monday 11 October 2021 18:42
Comments
<p>NCSC chief executive Lindy Cameron speaking at a conference held at Chatham House, London, on Monday </p>

NCSC chief executive Lindy Cameron speaking at a conference held at Chatham House, London, on Monday

Leer en Español

“Malicious actors” are trying to steal coronavirus vaccination plans and data on new variants, an arm of GCHQ has warned.

The chief executive of the National Cyber Security Agency (NCSC) said the pandemic was likely to cast a “significant shadow” for many years.

Lindy Cameron added: “Malicious actors continue to try and access Covid-related information, whether that is data on new variants or vaccine procurement plans.

“Some groups may also seek to use this information to undermine public trust in government responses to the pandemic, and criminals are now regularly using Covid-themed attacks as a way of scamming the public.”

Ms Cameron was speaking to the Chatham House Cyber 2021 conference on Monday, where she cited Russia, China, Iran and North Korea among countries mounting cyber attacks.

She said another emerging threat was the rise of a “commercial market for sophisticated cyber exploitation products” that could see unregulated software used for unlawful purposes.

The official named NSO Group’s Pegasus suite as an example, after the High Court found it was used by agents of Dubai's ruler Sheikh Mohammed bin Rashid al-Maktoum to hack the phones of his ex-wife and her lawyers.

The allegations, which are denied by Sheikh Mohammed, resulted in NSO Group ending its contract with the United Arab Emirates for breaching its rules.

“Reportedly, customers of NSO Group had marked tens of thousands of global telephone numbers as potential targets,” Ms Cameron said.

“Those with lower capabilities are able to simply purchase techniques and tradecraft – and obviously those unregulated products can easily be put to use by those who don’t have a history of responsible use of these techniques. So we need to avoid a marketplace for vulnerabilities and exploits developing that makes us all less safe.”

How spies hacked US secrets via Solarwinds' Orion software

Ms Cameron told the conference that ransomware, such as the WannaCry cyberattack that struck large parts of the NHS in 2017, still presented the most immediate danger to the UK and can affect businesses, schools, councils and critical national infrastructure.

She predicted that the threat from so-called “supply chain attacks”, where hackers target less secure third-party elements of target organisations, will grow.

An example was the 2020 SolarWinds attack, where hackers used a system used by businesses to manage IT resources to send out corrupted software updates that allowed them access into customers’ systems.

The US government was among SolarWinds customers, and the hackers were able to access emails at the US Treasury, Justice and State departments, as well as other agencies.

The attack was attributed to a Russian state-backed group by the British and American governments.

Ms Cameron said it was a “stark reminder of the need for governments and enterprises to make themselves more resilient, should one of their key technology suppliers be compromised”.

The NCSC chief said the integration of advancing technology into people’s everyday lives presented a “significant challenge”.

“In the coming years, society will benefit hugely from developments that make our lives more efficient and greener, such as smart cities,” she added. “But it is inevitable that our adversaries – whether they are nation-state or cyber criminals – will seek to exploit the opportunities that these changes bring.

“And when they are successful, the potential impacts are much greater than the attacks we see today. So, we must ensure we are in a strong position to safely take advantage of these emerging technologies.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in